HTTP Headers Analysis for https://postwork.gr

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

default-src; script-src; img-src; +10 more

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms/ https://scripts.clarity.ms/ https://snap.licdn.com/ https://www.redditstatic.com/ https://cdn-cookieyes.com/ https://pagead2.googlesyndication.com/ https://js.navattic.com/ https://ajax.cloudflare.com https://www.googleadservices.com/ https://*.ingest.de.sentry.io/ blob: https://js.hcaptcha.com https://www.googletagmanager.com https://maps.googleapis.com https://*.gstatic.com https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://apis.google.com *.googleusercontent.com; img-src 'self' https://c.bing.com/ https://c.clarity.ms/ https://www.linkedin.com/ https://px.ads.linkedin.com/ https://postwork.fra1.cdn.digitaloceanspaces.com/ https://alb.reddit.com/ https://www.googleadservices.com/ https://cdn-cookieyes.com/ https://www.google.gr/ https://www.google.com/ https://www.facebook.com/ https://*.postwork.gr https://maps.googleapis.com https://*.gstatic.com https://www.googletagmanager.com https://apis.google.com https://googleads.g.doubleclick.net/ *.googleusercontent.com data:; media-src 'self' https://postwork.fra1.cdn.digitaloceanspaces.com/ https://*.postwork.gr; connect-src 'self' https://j.clarity.ms/ https://st.postwork.gr www.googletagmanager.com www.google.com https://pixel-config.reddit.com https://www.redditstatic.com/ https://conversions-config.reddit.com/ https://www.facebook.com/privacy_sandbox/topics/registration/ https://directory.cookieyes.com/api/ https://log.cookieyes.com/api/ https://cdn-cookieyes.com/ https://log.cookieyes.com/api/v1/log https://pagead2.googlesyndication.com/ https://google.com/ccm/ https://google.com/pagead/ https://adservice.google.com/ https://www.googleadservices.com/ https://www.google.com/ https://*.ingest.de.sentry.io/ https://sentry.hcaptcha.com/ https://*.postwork.gr https://maps.googleapis.com https://apis.google.com https://*.gstatic.com data: blob: *.google-analytics.com https://newassets.hcaptcha.com/; font-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self' https://status.postwork.gr/ https://www.facebook.com/ https://capture.navattic.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://www.google.com https://newassets.hcaptcha.com/; object-src 'none'; base-uri 'self'; worker-src 'self' blob: ; child-src 'self' blob: ; frame-ancestors 'none';

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

3 headers

Connection

Performance

close

Transfer-Encoding

Performance

chunked

Vary

Performance

rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch, Accept-Encoding

Caching Headers

1 headers

Cache-Control

Caching

s-maxage=31536000

Content Headers

1 headers

Content-Type

Content

text/html; charset=utf-8

Server Headers

2 headers

Server

cloudflare

X-Powered-By

Server

Next.js

CORS Headers

0 headers

No CORS headers found

Cookies Headers

1 headers

Set-Cookie

Cookies

__cf_bm=OQi0EIC1UrQYD8g2rNW8qz0YTq9cyiGpSGa24TMW7Zw-1766675853-1.0.1.1-EuslSfjREb0ToP4R9H9w4rWkdatxnD08cSVlck2FmQ3VTj.agh7W7dKicvTvCqfXUCm8Ynz2gghCW6Bd1kNddil6VV0HJVJGoNJD_zbIYyE; path=/; expires=Thu, 25-Dec-25 15:47:33 GMT; domain=.postwork.gr; HttpOnly; Secure; SameSite=None

Other Headers

12 headers

Cf-Cache-Status

Other

DYNAMIC

Cf-Ray

Other

9b394e5168b6a124-IAD

Date

Other

Thu, 25 Dec 2025 15:17:33 GMT

Nel

Other

{"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}

Report-To

Other

{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ghA5O5MLZOwrWGDe8Qu38M9CA7nsl0sH9aEB%2BV6lzXSAstWlSXMrmwuJL0%2BgxlsjE2TkDWFve0iE%2BDK7msvNcQKScs3VPcwOHEo%3D"}]}

X-Do-App-Origin

Other

17f3597d-e7ba-4962-8fb5-adf026c20053

X-Do-Orig-Status

Other

200

X-Middleware-Rewrite

Other

/el

X-Next-I18n-Router-Locale

Other

el

X-Nextjs-Cache

Other

HIT

X-Nextjs-Prerender

Other

1

X-Nextjs-Stale-Time

Other

300

Recommendations

Enable compression (gzip/brotli) to improve performance

Consider removing X-Powered-By header to hide server technology